Win32汇编实现判断进程是否拥有某特殊权限
本文作为《Win32汇编实现提升进程Debug权限的两种方法》的姊妹篇发布:前文介绍如何为进程启用某个特权,本文给出一个查询函数,用于判断指定进程的访问令牌中是否已启用某个特权(例如 SE_DEBUG_PRIVILEGE),希望在需要的时候为大家提供参考。
(声明:魏滔序原创,转贴请注明出处。)
;::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
; Win32汇编实现判断进程是否拥有某特殊权限
; Programmed by 魏滔序
; WebSite: http://www.chenoe.com
; Blog: http://blog.csdn.net/Modest
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.486
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include Advapi32.inc
includelib kernel32.lib
includelib Advapi32.lib
.code
Start:
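;------------------------------------------------------------------------------
; BOOL IsPrivilege(HANDLE hProcess, DWORD dwPrivilege)
;
; Returns TRUE (EAX = 1) when the access token of hProcess contains the
; privilege whose LUID is {LowPart = dwPrivilege, HighPart = 0} AND that
; privilege currently has SE_PRIVILEGE_ENABLED set in its Attributes.
; Returns FALSE (EAX = 0) otherwise, including on every failure path
; (token cannot be opened, size query returns 0, allocation fails, query fails).
;
; In:   hProcess    - process handle; OpenProcessToken requires it to carry
;                     PROCESS_QUERY_INFORMATION (see the OpenProcessToken docs).
;       dwPrivilege - LowPart of the privilege LUID, e.g. SE_DEBUG_PRIVILEGE,
;                     or the LowPart returned by LookupPrivilegeValue.
; Out:  EAX = TRUE / FALSE.
; Clobbers: EAX, ECX, EDX, flags (stdcall; EBX/ESI/EDI are not touched).
;
; Notes:
;  - The original compared Attributes != 0, which also accepts entries that
;    carry only SE_PRIVILEGE_ENABLED_BY_DEFAULT after the privilege has been
;    disabled with AdjustTokenPrivileges.  This version tests the
;    SE_PRIVILEGE_ENABLED bit, so "present but disabled" is reported as FALSE.
;  - Well-known privilege LUIDs have HighPart = 0; both halves are compared so
;    a DWORD argument cannot match an unrelated LUID with the same LowPart.
;  - The answer is a snapshot: the token can change right after this returns.
;    Do not use it as the security decision itself - attempt the privileged
;    operation and handle its failure.
;  - hToken and the TOKEN_PRIVILEGES buffer are released on every exit path
;    (the original leaked the buffer on all paths and hToken on one).
;------------------------------------------------------------------------------
IsPrivilege PROC hProcess:DWORD, dwPrivilege:DWORD
    LOCAL hToken:DWORD
    LOCAL BufferSize:DWORD
    LOCAL pInfoBuffer:DWORD
    LOCAL PrivilegeCount:DWORD
    LOCAL i:DWORD
    LOCAL bResult:DWORD
    LOCAL tPrivilege:LUID_AND_ATTRIBUTES

    MOV     bResult, FALSE
    MOV     pInfoBuffer, NULL
    MOV     BufferSize, 0               ; ReturnLength is only trustworthy after a call

    Invoke  OpenProcessToken, hProcess, TOKEN_QUERY, ADDR hToken
    .If EAX == 0
        MOV     EAX, FALSE              ; no token handle to release yet
        RET
    .EndIf

    ; Size query: NULL buffer / length 0 fails with ERROR_INSUFFICIENT_BUFFER
    ; and stores the required byte count in BufferSize.
    Invoke  GetTokenInformation, hToken, TokenPrivileges, NULL, 0, ADDR BufferSize
    .If BufferSize == 0
        JMP     Cleanup                 ; nothing to read; hToken still open
    .EndIf

    Invoke  GlobalAlloc, GMEM_FIXED, BufferSize
    .If EAX == NULL
        JMP     Cleanup                 ; out of memory -> FALSE
    .EndIf
    MOV     pInfoBuffer, EAX

    Invoke  GetTokenInformation, hToken, TokenPrivileges, pInfoBuffer, BufferSize, ADDR BufferSize
    .If EAX == 0
        JMP     Cleanup
    .EndIf

    ; TOKEN_PRIVILEGES: DWORD PrivilegeCount followed by PrivilegeCount
    ; LUID_AND_ATTRIBUTES entries starting at TOKEN_PRIVILEGES.Privileges.
    MOV     ECX, pInfoBuffer
    MOV     EAX, [ECX].TOKEN_PRIVILEGES.PrivilegeCount
    MOV     PrivilegeCount, EAX

    MOV     i, 0
    .While TRUE
        MOV     EAX, i
        .Break .IF EAX >= PrivilegeCount    ; unsigned; also handles PrivilegeCount == 0
                                            ; (original read entry 0 before checking)

        ; EAX = &Privileges[i]
        IMUL    EAX, EAX, SIZEOF LUID_AND_ATTRIBUTES
        ADD     EAX, pInfoBuffer
        ADD     EAX, TOKEN_PRIVILEGES.Privileges
        Invoke  RtlMoveMemory, ADDR tPrivilege, EAX, SIZEOF LUID_AND_ATTRIBUTES

        MOV     EAX, dwPrivilege
        .If (tPrivilege.Luid.LowPart == EAX) && (tPrivilege.Luid.HighPart == 0) && (tPrivilege.Attributes & SE_PRIVILEGE_ENABLED)
            MOV     bResult, TRUE
            .Break
        .EndIf

        INC     i
    .EndW

Cleanup:
    .If pInfoBuffer != NULL
        Invoke  GlobalFree, pInfoBuffer
    .EndIf
    Invoke  CloseHandle, hToken
    MOV     EAX, bResult
    RET
IsPrivilege EndP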
End Start
; Win32汇编实现判断进程是否拥有某特殊权限
; Programmed by 魏滔序
; WebSite: http://www.chenoe.com
; Blog: http://blog.csdn.net/Modest
;:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
.486
.model flat,stdcall
option casemap:none
include windows.inc
include kernel32.inc
include Advapi32.inc
includelib kernel32.lib
includelib Advapi32.lib
.code
Start:
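;------------------------------------------------------------------------------
; BOOL IsPrivilege(HANDLE hProcess, DWORD dwPrivilege)
;
; Returns TRUE (EAX = 1) when the access token of hProcess contains the
; privilege whose LUID is {LowPart = dwPrivilege, HighPart = 0} AND that
; privilege currently has SE_PRIVILEGE_ENABLED set in its Attributes.
; Returns FALSE (EAX = 0) otherwise, including on every failure path
; (token cannot be opened, size query returns 0, allocation fails, query fails).
;
; In:   hProcess    - process handle; OpenProcessToken requires it to carry
;                     PROCESS_QUERY_INFORMATION (see the OpenProcessToken docs).
;       dwPrivilege - LowPart of the privilege LUID, e.g. SE_DEBUG_PRIVILEGE,
;                     or the LowPart returned by LookupPrivilegeValue.
; Out:  EAX = TRUE / FALSE.
; Clobbers: EAX, ECX, EDX, flags (stdcall; EBX/ESI/EDI are not touched).
;
; Notes:
;  - The original compared Attributes != 0, which also accepts entries that
;    carry only SE_PRIVILEGE_ENABLED_BY_DEFAULT after the privilege has been
;    disabled with AdjustTokenPrivileges.  This version tests the
;    SE_PRIVILEGE_ENABLED bit, so "present but disabled" is reported as FALSE.
;  - Well-known privilege LUIDs have HighPart = 0; both halves are compared so
;    a DWORD argument cannot match an unrelated LUID with the same LowPart.
;  - The answer is a snapshot: the token can change right after this returns.
;    Do not use it as the security decision itself - attempt the privileged
;    operation and handle its failure.
;  - hToken and the TOKEN_PRIVILEGES buffer are released on every exit path
;    (the original leaked the buffer on all paths and hToken on one).
;------------------------------------------------------------------------------
IsPrivilege PROC hProcess:DWORD, dwPrivilege:DWORD
    LOCAL hToken:DWORD
    LOCAL BufferSize:DWORD
    LOCAL pInfoBuffer:DWORD
    LOCAL PrivilegeCount:DWORD
    LOCAL i:DWORD
    LOCAL bResult:DWORD
    LOCAL tPrivilege:LUID_AND_ATTRIBUTES

    MOV     bResult, FALSE
    MOV     pInfoBuffer, NULL
    MOV     BufferSize, 0               ; ReturnLength is only trustworthy after a call

    Invoke  OpenProcessToken, hProcess, TOKEN_QUERY, ADDR hToken
    .If EAX == 0
        MOV     EAX, FALSE              ; no token handle to release yet
        RET
    .EndIf

    ; Size query: NULL buffer / length 0 fails with ERROR_INSUFFICIENT_BUFFER
    ; and stores the required byte count in BufferSize.
    Invoke  GetTokenInformation, hToken, TokenPrivileges, NULL, 0, ADDR BufferSize
    .If BufferSize == 0
        JMP     Cleanup                 ; nothing to read; hToken still open
    .EndIf

    Invoke  GlobalAlloc, GMEM_FIXED, BufferSize
    .If EAX == NULL
        JMP     Cleanup                 ; out of memory -> FALSE
    .EndIf
    MOV     pInfoBuffer, EAX

    Invoke  GetTokenInformation, hToken, TokenPrivileges, pInfoBuffer, BufferSize, ADDR BufferSize
    .If EAX == 0
        JMP     Cleanup
    .EndIf

    ; TOKEN_PRIVILEGES: DWORD PrivilegeCount followed by PrivilegeCount
    ; LUID_AND_ATTRIBUTES entries starting at TOKEN_PRIVILEGES.Privileges.
    MOV     ECX, pInfoBuffer
    MOV     EAX, [ECX].TOKEN_PRIVILEGES.PrivilegeCount
    MOV     PrivilegeCount, EAX

    MOV     i, 0
    .While TRUE
        MOV     EAX, i
        .Break .IF EAX >= PrivilegeCount    ; unsigned; also handles PrivilegeCount == 0
                                            ; (original read entry 0 before checking)

        ; EAX = &Privileges[i]
        IMUL    EAX, EAX, SIZEOF LUID_AND_ATTRIBUTES
        ADD     EAX, pInfoBuffer
        ADD     EAX, TOKEN_PRIVILEGES.Privileges
        Invoke  RtlMoveMemory, ADDR tPrivilege, EAX, SIZEOF LUID_AND_ATTRIBUTES

        MOV     EAX, dwPrivilege
        .If (tPrivilege.Luid.LowPart == EAX) && (tPrivilege.Luid.HighPart == 0) && (tPrivilege.Attributes & SE_PRIVILEGE_ENABLED)
            MOV     bResult, TRUE
            .Break
        .EndIf

        INC     i
    .EndW

Cleanup:
    .If pInfoBuffer != NULL
        Invoke  GlobalFree, pInfoBuffer
    .EndIf
    Invoke  CloseHandle, hToken
    MOV     EAX, bResult
    RET
IsPrivilege EndP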
End Start